An Open Source Enterprise VPN Solution with OpenVPN and OpenBSD

Solving the problem

At Appalachian State University, we utilize an open
source VPN to allow faculty, staff and vendors
secure access to Appalachian State University's
internal network from any location that has an
Internet connection. To implement our virtual private
network project, we needed a secure VPN that is
flexible enough to work with our existing network
registration and LDAP authentication systems, has
simple client installation, is redundant, allows
multiple VPN server instances for special site-to-site
tunnels and unique configurations, and can run on
multiple platforms. Using OpenVPN running on OpenBSD,
we met those requirements and added a distributed
administration system that lets select users grant
external users and vendors VPN access to specific
computers without requiring intervention
from our network or security personnel. Our
presentation will start with a quick overview of
OpenVPN and OpenBSD and then detail the specifics
of our VPN implementation.

Dissatisfied with IPSec for road warrior VPN usage,
we went looking for a better solution. We had hoped
that we could find a solution that would run on
multiple platforms, was flexible and worked well.
We found OpenVPN and have been pleased. Initially
we ran it on RHEL. We migrated to OpenBSD for pf
functionality and general security concerns, and
because we like OpenBSD.

Our presentation will focus on the specifics of our
VPN implementation. We will quickly cover the basics
of OpenVPN and the most used features of OpenBSD.
Moving along, we will cover multiple authentication
methods, redundancy, running multiple instances,
integration with our netreg system, how pf has
extended functionality, embedding in appliances,
and client configuration. The system has proven
helpful in providing vendor access where needed,
and we'll cover this aspect as well. Time permitting,
we will cover current enhancement efforts and future
plans.

OpenVPN has been called the "Swiss army knife" of
VPN solutions. We hope our presentation leaves
participants with that feeling.